I have been researching certificates for the past few days and one of the things I don't understand is how certificates created by SBS (Small Business Server from Microsoft) are validated when trying to access an https connection from outside.
For instance, there is a network x which has SBS 2008 serving https://sbs.x.com; on that network is a CA that has created a root certificate and a leaf certificate for the site.
In the leaf certificate there is an AIA extension with an ldap reference. Isn't that the way for the certificate to tell the browser which visits https://sbs.x.com where to look for the root certificate? So if the local machine I am on (and not part of network x) doesn't have access to an ldap with the root certificate in the right place then there is no way for it to verify the leaf certificate sent by the web server?
But what if I have fetched the root certificate by other means and installed it into certmgr.msc as a Trusted Root Certificate? Does that matter, or does the browser still try the ldap and ignore the certificate in certmgr.msc?
I ask this since I am always seeing an https error in IE and Chrome (Firefox uses its own certificate machine so that can be handled separately), even though I have imported the root certificate and leaf certificate and have verified using openssl that the latter derives from the former.